cursor-security-rules
Provides a Cursor rules file that enforces secure coding practices and controls AI agent operations through input validation, authentication checks, dependency management, and sensitive operation restrictions.
88
/ 100 · Grade B
B = 80–89
“I need to enforce secure coding practices and control AI agent operations in my Cursor development environment to prevent security vulnerabilities and unauthorized actions.”
cursor-security-rules earned Certified status with a trust score of 88/100 (Grade B). No adversarial findings — all attack patterns were handled gracefully. Security scan flagged 0 findings.
Trust Score Breakdown
Eight weighted signals composing the aggregate trust score
Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.
Findings
Security scan results, adversarial testing, and pipeline review
Security Scan — Cisco Skill Scanner
Adversarial Testing — 6 categories, 0 findings
No adversarial findings — all attack patterns handled gracefully.
Methodology v1.0 · 6 categories · ~55 attack patterns
Behavioral Fingerprint
Runtime performance baseline for drift detection
Samples
8
Error rate
0.0%
Peak memory
— MB
Avg CPU
—%
Response time distribution
Output size distribution
Fingerprint v1.0 · Baseline: Mar 29, 2026 · Status: baseline
Interface
Skill triggers and instruction summary
Activation
This skill activates when providing security rules and guidelines for Cursor AI-assisted development environments.
This skill handles the provision of security rules, best practices, and guardrails for AI code generation in Cursor.
Does
Provide security rules for Cursor development environments
Enforce safe coding practices through rule definitions
Prevent exposure of secrets in code generation
Control sensitive operations in AI-generated code
Promote security-first development culture
Does not
Generate unsafe code patterns
Expose secrets or sensitive information
Execute dangerous system commands
Bypass security guardrails
Scope & Permissions
What this capability can and cannot access — derived from pipeline analysis
no
no
no
no
no
no
Known Failure Modes
Documented edge cases and recovery behaviors
when when security rules are not properly implemented
then the agent provides guidance on correct rule implementation
when when unsafe code patterns are requested
then the agent refuses and suggests secure alternatives
Badge & Integration
Embed certification status in your README, docs, or CI pipeline
Certification Notes
Provenance observations from the pipeline
Skill metadata extraction confidence is 75% — review extracted triggers, scope, and behavioral guarantees
Publisher "matank001" is not verified — first certification from this publisher
No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process
Single contributor — no peer review evidence in commit history
Package description appears to be boilerplate or template text
Signed Artifact
Certification provenance and verification metadata
Pipeline Artifacts
Raw data files from this certification run — downloadable for independent verification
contract.json
Full unsigned contract
stage1-ingest.json
Ingest stage output
stage2a-sbom.json
SBOM generation results
stage2a-vulns.json
Vulnerability scan results
stage2b-security.json
Security scan results
stage3a-functional.json
Functional test results
stage3b-adversarial.json
Adversarial test results
stage3c-fingerprint.json
Behavioral fingerprint
stage4-certify.json
Certification decision + trust score
stage3a-measurements.json
Raw functional test measurements
stage3b-measurements.json
Raw adversarial test measurements
run-log.json
Pipeline execution log
Not all files may be present for every certification.